pki: Add generic 'priv' key type that loads any type of private key
authorTobias Brunner <tobias@strongswan.org>
Wed, 31 Aug 2016 15:57:12 +0000 (17:57 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 5 Oct 2016 09:32:52 +0000 (11:32 +0200)
12 files changed:
src/pki/commands/issue.c
src/pki/commands/keyid.c
src/pki/commands/print.c
src/pki/commands/pub.c
src/pki/commands/req.c
src/pki/commands/self.c
src/pki/man/pki---issue.1.in
src/pki/man/pki---keyid.1.in
src/pki/man/pki---print.1.in
src/pki/man/pki---pub.1.in
src/pki/man/pki---req.1.in
src/pki/man/pki---self.1.in

index fdc43d7..b15f901 100644 (file)
@@ -117,6 +117,11 @@ static int issue()
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_BLISS;
                                }
+                               else if (streq(arg, "priv"))
+                               {
+                                       type = CRED_PRIVATE_KEY;
+                                       subtype = KEY_ANY;
+                               }
                                else if (!streq(arg, "pub"))
                                {
                                        error = "invalid input type";
@@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t) {
                issue, 'i', "issue",
                "issue a certificate using a CA certificate and key",
-               {"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
+               {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
                 " --cacert file [--dn subject-dn] [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
                 "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
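Review bot: The new `priv` arm at the top of the hunk is the fourth near-identical `type = …; subtype = …;` branch in this option parser, and the same arm is added again in keyid.c, print.c and pub.c; a small `static const` table mapping the `--type` string to its credential type and subtype, searched once, would replace the chain in all four commands and keep them from drifting (the `else if (!streq(arg, "pub"))` fall-through here already differs from keyid.c's positive `streq(arg, "pub")` branch). If the chain stays, a comment on the new arm would help readers who do not know the enum: `/* "priv": accept a private key of any algorithm (KEY_ANY) */`. issue() begins and ends outside this hunk.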
index 5dfb337..f79120b 100644 (file)
@@ -26,7 +26,7 @@
 static int keyid()
 {
        credential_type_t type = CRED_PRIVATE_KEY;
-       int subtype = KEY_RSA;
+       int subtype = KEY_ANY;
        certificate_t *cert;
        private_key_t *private;
        public_key_t *public;
@@ -60,6 +60,11 @@ static int keyid()
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_BLISS;
                                }
+                               else if (streq(arg, "priv"))
+                               {
+                                       type = CRED_PRIVATE_KEY;
+                                       subtype = KEY_ANY;
+                               }
                                else if (streq(arg, "pub"))
                                {
                                        type = CRED_PUBLIC_KEY;
@@ -172,11 +177,11 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t)
                { keyid, 'k', "keyid",
                "calculate key identifiers of a key/certificate",
-               {"[--in file] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]"},
+               {"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "input file, default: stdin"},
-                       {"type",        't', 1, "type of key, default: rsa"},
+                       {"type",        't', 1, "type of key, default: priv"},
                }
        });
 }
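Review bot: Changing the initializer to `int subtype = KEY_ANY;` silently widens what the command accepts without `--type`: a file that is not an RSA key was presumably rejected at load time under the old `KEY_RSA` default and is now processed, so a caller that relied on the default as an implicit algorithm check loses it. The same default flip is made in pub.c (`int subtype = KEY_ANY;`) and req.c (`key_type_t type = KEY_ANY;`). It is a reasonable usability change, but it deserves a NEWS/changelog line and a sentence in the man pages saying that an explicit `--type rsa|ecdsa|bliss` remains the way to pin the expected algorithm; the help string `"type of key, default: priv"` does not convey that.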
index 9dc080f..8cb0a7b 100644 (file)
@@ -89,6 +89,11 @@ static int print()
                                        type = CRED_CERTIFICATE;
                                        subtype = CERT_TRUSTED_PUBKEY;
                                }
+                               else if (streq(arg, "priv"))
+                               {
+                                       type = CRED_PRIVATE_KEY;
+                                       subtype = KEY_ANY;
+                               }
                                else if (streq(arg, "rsa") ||
                                                 streq(arg, "rsa-priv"))
                                {
@@ -176,7 +181,7 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t)
                { print, 'a', "print",
                "print a credential in a human readable form",
-               {"[--in file] [--type x509|crl|ac|pub|rsa|ecdsa|bliss]"},
+               {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "input file, default: stdin"},
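Review bot: The usage string now advertises `priv`, but the matching man page hunk in pki---print.1.in is broken: it writes `\fpriv\fR` without the `I` font escape, which will not render as intended, and then lists `\fIpriv\fR (private key)` a second time after `bliss`; a single `\fIpriv\fR (private key)` entry is enough. The code arm itself is fine and sits before the `rsa`/`rsa-priv` branch; the existing `*-priv` aliases are still absent from the usage string, which could be addressed in the same change. print() begins and ends outside this hunk.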
index ccc3c42..1d876f6 100644 (file)
@@ -28,7 +28,7 @@ static int pub()
 {
        cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER;
        credential_type_t type = CRED_PRIVATE_KEY;
-       int subtype = KEY_RSA;
+       int subtype = KEY_ANY;
        certificate_t *cert;
        private_key_t *private;
        public_key_t *public;
@@ -59,6 +59,11 @@ static int pub()
                                        type = CRED_PRIVATE_KEY;
                                        subtype = KEY_BLISS;
                                }
+                               else if (streq(arg, "priv"))
+                               {
+                                       type = CRED_PRIVATE_KEY;
+                                       subtype = KEY_ANY;
+                               }
                                else if (streq(arg, "pub"))
                                {
                                        type = CRED_PUBLIC_KEY;
@@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t) {
                pub, 'p', "pub",
                "extract the public key from a private key/certificate",
-               {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]",
+               {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]",
                 "[--outform der|pem|dnskey|sshkey]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "input file, default: stdin"},
                        {"keyid",       'x', 1, "keyid on smartcard of private key"},
-                       {"type",        't', 1, "type of credential, default: rsa"},
+                       {"type",        't', 1, "type of credential, default: priv"},
                        {"outform",     'f', 1, "encoding of extracted public key, default: der"},
                }
        });
index 68d6112..23d07a2 100644 (file)
@@ -30,7 +30,7 @@
 static int req()
 {
        cred_encoding_type_t form = CERT_ASN1_DER;
-       key_type_t type = KEY_RSA;
+       key_type_t type = KEY_ANY;
        hash_algorithm_t digest = HASH_UNKNOWN;
        certificate_t *cert = NULL;
        private_key_t *private = NULL;
@@ -62,6 +62,10 @@ static int req()
                                {
                                        type = KEY_BLISS;
                                }
+                               else if (streq(arg, "priv"))
+                               {
+                                       type = KEY_ANY;
+                               }
                                else
                                {
                                        error = "invalid input type";
@@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t) {
                req, 'r', "req",
                "create a PKCS#10 certificate request",
-               {"  [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
+               {"  [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
                 "[--san subjectAltName]+ [--password challengePassword]",
                 "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
                 "[--outform der|pem]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "private key input file, default: stdin"},
-                       {"type",        't', 1, "type of input key, default: rsa"},
+                       {"type",        't', 1, "type of input key, default: priv"},
                        {"dn",          'd', 1, "subject distinguished name"},
                        {"san",         'a', 1, "subjectAltName to include in cert request"},
                        {"password",'p', 1, "challengePassword to include in cert request"},
index f4e83c7..6fb7b75 100644 (file)
@@ -94,6 +94,10 @@ static int self()
                                {
                                        type = KEY_BLISS;
                                }
+                               else if (streq(arg, "priv"))
+                               {
+                                       type = KEY_ANY;
+                               }
                                else
                                {
                                        error = "invalid input type";
@@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t) {
                self, 's', "self",
                "create a self signed certificate",
-               {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]",
+               {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
                 " --dn distinguished-name [--san subjectAltName]+",
                 "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
                 "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
@@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg()
                        {"help",                        'h', 0, "show usage information"},
                        {"in",                          'i', 1, "private key input file, default: stdin"},
                        {"keyid",                       'x', 1, "keyid on smartcard of private key"},
-                       {"type",                        't', 1, "type of input key, default: rsa"},
+                       {"type",                        't', 1, "type of input key, default: priv"},
                        {"dn",                          'd', 1, "subject and issuer distinguished name"},
                        {"san",                         'a', 1, "subjectAltName to include in certificate"},
                        {"lifetime",            'l', 1, "days the certificate is valid, default: 1095"},
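Review bot: The help text now reads `"type of input key, default: priv"`, but no hunk in this file changes the initializer of `type` in self(), whereas the corresponding req.c hunk does change `key_type_t type = KEY_RSA;` to `KEY_ANY`; unless self() already starts from `KEY_ANY` outside the visible hunks, the documented default and the actual default disagree, and a non-RSA key would still fail to load without an explicit `--type`. Worth confirming the declaration at the top of self(), which lies outside these hunks, and adding `key_type_t type = KEY_ANY;` if it is missing. The man page hunk for pki---self.1.in makes the same `priv` default claim.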
index 20238b7..bfc7bb1 100644 (file)
@@ -67,9 +67,10 @@ Public key or PKCS#10 certificate request file to issue. If not given the
 key/request is read from \fISTDIN\fR.
 .TP
 .BI "\-t, \-\-type " type
-Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key),
-\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request),
-defaults to \fIpub\fR.
+Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
+\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
+private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to
+\fIpub\fR.
 .TP
 .BI "\-k, \-\-cakey " file
 CA private key file. Either this or
index ecd8132..c69f7cb 100644 (file)
@@ -44,10 +44,10 @@ Read command line options from \fIfile\fR.
 Input file. If not given the input is read from \fISTDIN\fR.
 .TP
 .BI "\-t, \-\-type " type
-Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
-private key), \fIbliss\fR (BLISS private key), \fIpub\fR (public key),
-\fIpkcs10\fR (PKCS#10 certificate request), \fIx509\fR (X.509 certificate),
-defaults to \fIrsa\fR.
+Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
+\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key),
+\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request),
+\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
 .
 .SH "EXAMPLES"
 .
index a3b10e7..09f81cd 100644 (file)
@@ -46,8 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR.
 .BI "\-t, \-\-type " type
 Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
 Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
-\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
-private key), defaults to \fIx509\fR.
+\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private
+key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to
+\fIx509\fR.
 .
 .SH "SEE ALSO"
 .
index c57e03a..fe6c520 100644 (file)
@@ -47,10 +47,9 @@ Read command line options from \fIfile\fR.
 Input file. If not given the input is read from \fISTDIN\fR.
 .TP
 .BI "\-t, \-\-type " type
-Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
-private key), \fIpub\fR (public key),
-\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
-defaults to \fIrsa\fR.
+Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
+\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10
+certificate request), or \fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
 .TP
 .BI "\-f, \-\-outform " encoding
 Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
index a6f6a48..4a39c5c 100644 (file)
@@ -49,7 +49,8 @@ Read command line options from \fIfile\fR.
 Private key input file. If not given the key is read from \fISTDIN\fR.
 .TP
 .BI "\-t, \-\-type " type
-Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
+defaults to \fIpriv\fR.
 .TP
 .BI "\-d, \-\-dn " distinguished-name
 Subject distinguished name (DN). Required.
index 53f53f8..9461e3e 100644 (file)
@@ -68,7 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR.
 Key ID of a private key on a smartcard.
 .TP
 .BI "\-t, \-\-type " type
-Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
+defaults to \fIpriv\fR.
 .TP
 .BI "\-d, \-\-dn " distinguished-name
 Subject and issuer distinguished name (DN). Required.